terraform at adobe

Terraform at AdobeKelvin Jasperson

Introduction

2

Systems Engineer @ Adobe Audience Manager (AAM)Been with Adobe for 18 months

AAM was acquired by Adobe in 2011, and is 100% in AWS

Twitter- @zxjinn

HashiCorp

3

Raise your hands• Who knows what Terraform is?• Who uses Terraform?• … in production?

4

Terraform• Infrastructure as code• Supports many providers• AWS• Azure• Digital Ocean• Google Cloud• Heroku• OpenStack• VMware vSphere/vCloud Director• others…

5

Why Terraform?• Fun to write• Easy to extend with modules• Shows the execution plan (no-op)• State stored in a committable file

6

Basic Terraform Example

Basic Terraform Example $ cat main.tfresource "aws_instance" "app" { ami = "ami-d1f482b1" count = 5 instance_type = "t2.micro"}$ terraform plan+ aws_instance.app.0...+ aws_instance.app.1...$ terraform applyaws_instance.app.0: Creating...Apply complete! Resources: 5 added, 0 changed, 0 destroyed.$

8

It worked! Parallel, takes ~1 min

9

Basic Terraform Destroy$ terraform destroyDo you really want to destroy? Terraform will delete all your managed infrastructure. There is no undo. Only 'yes' will be accepted to confirm. Enter a value:

10

yes

aws_instance.app.0: Destroying...Apply complete! Resources: 0 added, 0 changed, 5 destroyed.$

It worked! Parallel, takes ~1 min

11

More than just EC2 instances• S3- Simple Storage Service• CloudFormation• VPC- Virtual Private Cloud• SQS- Simple Queue Service• Route53- Hosted DNS• RDS- Relational Database Service• IAM- Identity and Access Management• ECS- EC2 Container Service• others…

12

Modules, Compositions, and Clusters

13

Modules• Self-contained reusable code• Behavior changes based on inputs• Terraform code

14

Clusters

Compositions

Modules • Foundation

Compositions• Pre-defined collections of modules• Passes parameters to many modules• Terraform + Jinja

15

Clusters

Compositions

• Frame


Clusters• Passes params to one composition• Ultimate source of truth• YAML

16

Clusters • Blueprint

Compositions

• Frame


For example• Module• VPC module- NAT and Bastion instances, security groups, etc• App1 module- App1 Instances, SQS queues, S3 buckets, subnets• DB1 module- RDS instances, security groups• Admin module- Instances- config management, monitoring, etc

• Composition• Edge composition- VPC, App1, DB1, Admin• DataProcessing composition- VPC, App2, DB2, Admin• Delivery composition- VPC, App3, Admin

17

Analogous to modern Puppet design• Terraform Modules = Puppet Modules• Compositions = Roles and Profiles• Clusters = ENC and Hiera

18

Ops wrapper• Reads cluster YAML variables• Reads composition (.tf.jijna2), writes Terraform (.tf) files with cluster

variables injected

19

Demo!

20

The Future• Jenkins runs Terraform and commits statefile• Web interface to generate cluster YAML files for self service• Pending discussion: ops wrapper generates Terraform JSON instead of

parsing jinja

21

Lessons Learned, Best Practices• A springboard for Terraform (ops wrapper for us) is invaluable• Terraform HCL + Jinja templates are easier to write and read than

Terraform JSON• Make 1 cluster = 1 vpc = 1 environment = 1 purpose• Reproducible environments• Separated Terraform statefiles per cluster

• Version user data in a map variable• Symlink shared Terraform files in modules• Separate “common” infrastructure like- S3 buckets, SQS, IAM to its own

cluster

22

Don’t• Get impatient with Terraform• Go in guns blazing and use it in production on day 1• Skip reading the Terraform docs

23

Woohoooo!• 85% of our production infrastructure is managed with Terraform!

24

Questions?

25

terraform at adobe

Technology